- mozilla-nspr
-
- update to version 4.35
* fixes for building with clang
* use the number of online processors for the
PR_GetNumberOfProcessors() API on some platforms
* fix build on mips+musl libc
* Add support for the LoongArch 64-bit architecture
- mozilla-nss
-
- update to NSS 3.90
* bmo#1623338 - ride along: remove a duplicated doc page
* bmo#1623338 - remove a reference to IRC
* bmo#1831983 - clang-format lib/freebl/stubs.c
* bmo#1831983 - Add a constant time select function
* bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
* bmo#1830973 - output early build errors by default
* bmo#1804505 - Update the technical constraints for KamuSM
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
* bmo#1790763 - Enable default UBSan Checks
* bmo#1786018 - Add explicit handling of zero length records
* bmo#1829391 - Tidy up DTLS ACK Error Handling Path
* bmo#1786018 - Refactor zero length record tests
* bmo#1829112 - Fix compiler warning via correct assert
* bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
* bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
* bmo#1784163 - Fix reading raw negative numbers
* bmo#1748237 - Repairing unreachable code in clang built with gyp
* bmo#1783647 - Integrate Vale Curve25519
* bmo#1799468 - Removing unused flags for Hacl*
* bmo#1748237 - Adding a better error message
* bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
* bmo#1782980 - Fall back to the softokn when writing certificate trust
* bmo#1806010 - FIPS-104-3 requires we restart post programmatically
* bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
* bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
* bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
* bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
* bmo#1822076 - fix rst warnings in nss doc
* bmo#1821997 - Fix incorrect pygment style
* bmo#1821292 - Change GYP directive to apply across platforms
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
* bmo#1804505 - Update the technical constraints for KamuSM.
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
* bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
* bmo#1820175 - PR_STATIC_ASSERT is cursed
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1820175 - Fix unreachable code warning in fuzz builds
* bmo#1820175 - Fix various compiler warnings in NSS
* bmo#1820175 - Enable various compiler warnings for clang builds
* bmo#1815136 - set PORT error after sftk_HMACCmp failure
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
* bmo#1804660 - Make high tag number assertion failure an error
* bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
length from 284 to 384
* bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
* bmo#1789436 - Fix build failure on Windows
* bmo#1811337 - migrate Win 2012 tasks to Azure
* bmo#1810702 - fix title length in doc
* bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
* bmo#1570615 - Add presence/absence tests for TLS GREASE
* bmo#1804688 - Correct addition of GREASE value to ALPN xtn
* bmo#1789436 - CH extension permutation
* bmo#1570615 - TLS GREASE (RFC8701)
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
- update to NSS 3.88.1
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
* bmo#1212915 - Add check for ClientHello SID max length
* bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
* bmo#1790357 - ECH client - Discard resumption TLS < 1.3
Session(IDs|Tickets) if ECH configs are setup
* bmo#1714245 - On HRR skip PSK incompatible with negotiated
ciphersuites hash algorithm
* bmo#1789410 - ECH client: Send ech_required alert on server
negotiating TLS 1.2. Fixed misleading Gtest,
enabled corresponding BoGo test
* bmo#1771100 - Added Bogo ECH rejection test support
* bmo#1771100 - Added ECH 0Rtt support to BoGo shim
* bmo#1747957 - RSA OAEP Wycheproof JSON
* bmo#1747957 - RSA decrypt Wycheproof JSON
* bmo#1747957 - ECDSA Wycheproof JSON
* bmo#1747957 - ECDH Wycheproof JSON
* bmo#1747957 - PKCS#1v1.5 wycheproof json
* bmo#1747957 - Use X25519 wycheproof json
* bmo#1766767 - Move scripts to python3
* bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
* bmo#1805907 - Extending RSA-PSS bltest test coverage
(Adding SHA-256 and SHA-384)
* bmo#1804091 - NSS needs to move off of DSA for integrity checks
* bmo#1805815 - Add initial testing with ACVP vector sets using
acvp-rust
* bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
* bmo#1803226 - NULL password encoding incorrect
* bmo#1804071 - Fix rng stub signature for fuzzing builds
* bmo#1803595 - Updating the compiler parsing for build
* bmo#1749030 - Modification of supported compilers
* bmo#1774654 - tstclnt crashes when accessing gnutls server
without a user cert in the database.
* bmo#1751707 - Add configuration option to enable source-based
coverage sanitizer
* bmo#1751705 - Update ECCKiila generated files.
* bmo#1730353 - Add support for the LoongArch 64-bit architecture
* bmo#1798823 - add checks for zero-length RSA modulus to avoid
memory errors and failed assertions later
* bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
* bmo#1803190 - conscious language removal in NSS
* bmo#1794506 - Set nssckbi version number to 2.60
* bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3
TrustCor Root Certificates
* bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
* bmo#1797559 - Remove EC-ACC root cert from NSS
* bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
* bmo#1794495 - Remove Network Solutions Certificate Authority
* bmo#1802331 - compress docker image artifact with zstd
* bmo#1799315 - Migrate nss from AWS to GCP
* bmo#1800989 - Enable static builds in the CI
* bmo#1765759 - Removing SAW docker from the NSS build system
* bmo#1783231 - Initialising variables in the rsa blinding code
* bmo#320582 - Implementation of the double-signing of the message
for ECDSA
* bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
- update to NSS 3.84
* bmo#1791699 - Bump minimum NSPR version to 4.35
* bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
* bmo#1788875 - Remove set-but-unused variables from
SEC_PKCS12DecoderValidateBags
* bmo#1563221 - remove older oses that are unused part3/ BeOS
* bmo#1563221 - remove older unix support in NSS part 3 Irix
* bmo#1563221 - remove support for older unix in NSS part 2 DGUX
* bmo#1563221 - remove support for older unix in NSS part 1 OSF
* bmo#1778413 - Set nssckbi version number to 2.58
* bmp#1785297 - Add two SECOM root certificates to NSS
* bmo#1787075 - Add two DigitalSign root certificates to NSS
* bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
* bmo#1771100 - Added bug reference and description to disabled
UnsolicitedServerNameAck bogo ECH test
* bmo#1779361 - Removed skipping of ECH on equality of private and
public server name
* bmo#1779357 - Added comment and bug reference to
ECHRandomHRRExtension bogo test
* bmo#1779370 - Added Bogo shim client HRR test support. Fixed
overwriting of CHInner.random on HRR
* bmo#1779234 - Added check for server only sending ECH extension
with retry configs in EncryptedExtensions and if not
accepting ECH. Changed config setting behavior to
skip configs with unsupported mandatory extensions
instead of failing
* bmo# 1771100 - Added ECH client support to BoGo shim. Changed
CHInner creation to skip TLS 1.2 only extensions to
comply with BoGo
* bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
server accept_confirmation bugs
* bmo#1771100 - Update BoGo tests to recent BoringSSL version
* bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
* bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
* bmo#1784724 - Initialize local variables in
TlsConnectTestBase::ConnectAndCheckCipherSuite
* bmo#1784191 - Cast the result of GetProcAddress
* bmo#1681099 - pk11wrap: Tighten certificate lookup based on
PKCS #11 URI.
- update to NSS 3.81
* bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
* bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
* bmo#1779285 - Add no_application_protocol alert handler and
test client error code is set
* bmo#1777672 - Gracefully handle null nickname in
CERT_GetCertNicknameWithValidity
* required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
sufficient (boo#1202118)
- update to NSS 3.80
* bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
* bmo#1617956 - Add support for asynchronous client auth hooks.
* bmo#1497537 - nss-policy-check: make unknown keyword check optional.
* bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
by allocating it on initialization. Replaced
redundant code with assert. Debug builds: Added
buffer freeing/allocation for each record.
* bmo#1773022 - Mark 3.79 as an ESR release.
* bmo#1764206 - Bump nssckbi version number for June.
* bmo#1759815 - Remove Hellenic Academic 2011 Root.
* bmo#1770267 - Add E-Tugra Roots.
* bmo#1768970 - Add Certainly Roots.
* bmo#1764392 - Add DigitCert Roots.
* bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
* bmo#1366464 - Compare signature and signatureAlgorithm fields in
legacy certificate verifier.
* bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
* bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1760998 - Avoid data race on primary password change.
* bmo#1769063 - Replace ppc64 dcbzl intrinisic.
* bmo#1771036 - Allow LDFLAGS override in makefile builds.
- azure-cli
-
- Drop python3-pytest dependency from Requires (bsc#1214728)
- Rewrite ac_avoid_isclose.patch to use a copy of isclose()
- Add missing python3-azure-mgmt-resource to Requires
- Add python3-python2-secrets to Requires
- Fix multiple compatibility issues with Python 3.4 (bsc#1203658)
+ Add patch to avoid f-strings in the Python code
* ac_avoid_f-strings.patch
+ Add patch to avoid http.HTTPStatus in the Python code
* ac_avoid_httpstatus.patch
+ Add patch to avoid isclose() in the Python code
* ac_avoid_isclose.patch
- Extend %check section to test individual az commands
+ Determine current list of available az commands
+ Ignore sub-commands for now
+ Iterate over all commands and run az --help
+ Print OK or FAIL depending on the result for each call
+ Make failures non-fatal for now
- curl
-
- Security fix: [bsc#1215026, CVE-2023-38039]
* http: return error when receiving too large header
* Add curl-CVE-2023-38039.patch
- Security fix: [bsc#1213237, CVE-2023-32001]
* fopen race condition: libcurl can be told to save cookie,
HSTS and/or alt-svc data to files. When doing this, it
called 'stat()' followed by 'fopen()' in a way that made
it vulnerable to a TOCTOU race condition problem.
* Add curl-CVE-2023-32001.patch
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.8 (bsc#1213951)
+ Capture CSP billing adapter config and log (issue#13)
+ Accept upper case Amazon string in DMI table (issue#12)
- libcap
-
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
- openssh
-
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
requested to load a PKCS#11 provider that isnt a PKCS#11
provider (bsc#1213504,CVE-2023-38408)
- dbus-1
-
- Sometimes unprivileged users were able to crash dbus-daemon
(CVE-2023-34969, bsc#1212126)
* fix-upstream-CVE-2023-34969.patch
- libxml2
-
- Security update:
* [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
buffer overflow
- Added file libxml2-CVE-2023-39615.patch
- cloud-netconfig
-
- Update to version 1.8:
+ Fix Azure metadata check (bsc#1214715)
+ Fix cleanup on ifdown
- apparmor
-
- Explicitly prefer apache2 instead of apache2-tls13; (bsc#1213941)
- Add samba-fix-log-plugin-denied.patch to fix apparmor profile
denied log messages for samba/winbind; (bsc#1208798).
- python-configobj
-
- Add CVE-2023-26112.patch (bsc#1210070)
- ca-certificates-mozilla
-
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
- perl
-
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
new patch: perl-cpan_verify_cert.diff
- wicked
-
- ifconfig: fix arp notify loop (boo#1212806) and burst sending
[+ 0001-fix_arp_notify_loop_and_burst_sending.patch]
- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
command to improve `ibft`,`nbft`,`redfish` firmware extension and
interface handling.
- client: improve error handling in netif firmware discovery
extension execution and extension definition overrides in
the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
default list of a cleaned up filesystem package on tumbleweed
(https://github.com/openSUSE/wicked/pull/939).
- util-linux
-
- Add upstream patch util-linux-bash-completion-shell-character-escape-CVE-2018-7738.patch
Fix shell code injection in umount bash-completions (bsc#1213865, CVE-2018-7738)
- util-linux-fix-tests-when-at-symbol-in-path.patch:
Add patch to util-linux-systemd and python3-libmount, as it was
previously only included in util-linux.
- azure-cli-core
-
- Fix multiple compatibility issues with Python 3.4 (bsc#1203658)
+ Add patch to avoid http.HTTPStatus in the Python code
* ac_avoid_httpstatus.patch
- procps
-
- Update legacy pmap to know about new ProtectionKey in smaps
- Add patch CVE-2023-4016.patch
* CVE-2023-4016: ps buffer overflow (bsc#1214290)
- coreutils
-
- Add coreutils-chcon-skip-validation-if-selinux-disabled.patch to
avoid unnecessary failure in case SELinux is disabled.
(bsc#1212999)
- wget
-
- Fixed Host name when CONNECT is used
[bsc#1213898, wget-http-specify-Host-when-CONNECT-is-used.patch]
- binutils
-
- Update to version 2.41 [PED-5778]:
* The MIPS port now supports the Sony Interactive Entertainment Allegrex
processor, used with the PlayStation Portable, which implements the MIPS
II ISA along with a single-precision FPU and a few implementation-specific
integer instructions.
* Objdump's --private option can now be used on PE format files to display the
fields in the file header and section headers.
* New versioned release of libsframe: libsframe.so.1. This release introduces
versioned symbols with version node name LIBSFRAME_1.0. This release also
updates the ABI in an incompatible way: this includes removal of
sframe_get_funcdesc_with_addr API, change in the behavior of
sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
* SFrame Version 2 is now the default (and only) format version supported by
gas, ld, readelf and objdump.
* Add command-line option, --strip-section-headers, to objcopy and strip to
remove ELF section header from ELF file.
* The RISC-V port now supports the following new standard extensions:
- Zicond (conditional zero instructions)
- Zfa (additional floating-point instructions)
- Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
* The RISC-V port now supports the following vendor-defined extensions:
- XVentanaCondOps
* Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
* A new .insn directive is recognized by x86 gas.
* Add SME2 support to the AArch64 port.
* The linker now accepts a command line option of --remap-inputs
<PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
<FILE>. In addition the option --remap-inputs-file=<FILE> can be used to
specify a file containing any number of these remapping directives.
* The linker command line option --print-map-locals can be used to include
local symbols in a linker map. (ELF targets only).
* For most ELF based targets, if the --enable-linker-version option is used
then the version of the linker will be inserted as a string into the .comment
section.
* The linker script syntax has a new command for output sections: ASCIZ "string"
This will insert a zero-terminated string at the current location.
* Add command-line option, -z nosectionheader, to omit ELF section
header.
- Removed obsolete patches: binutils-2.40-branch.diff.gz,
riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
extensa-gcc-4_3-fix.diff .
- Add binutils-2.41-branch.diff.gz .
- Add binutils-old-makeinfo.diff for SLE-12 and older.
- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
- Contains fixes for these non-CVEs (not security bugs per upstreams
SECURITY.md):
* bsc#1209642 aka CVE-2023-1579 aka PR29988
* bsc#1210297 aka CVE-2023-1972 aka PR30285
* bsc#1210733 aka CVE-2023-2222 aka PR29936
* bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
* bsc#1214565 aka CVE-2020-19726 aka PR26240
* bsc#1214567 aka CVE-2022-35206 aka PR29290
* bsc#1214579 aka CVE-2022-35205 aka PR29289
* bsc#1214580 aka CVE-2022-44840 aka PR29732
* bsc#1214604 aka CVE-2022-45703 aka PR29799
* bsc#1214611 aka CVE-2022-48065 aka PR29925
* bsc#1214619 aka CVE-2022-48064 aka PR29922
* bsc#1214620 aka CVE-2022-48063 aka PR29924
* bsc#1214623 aka CVE-2022-47696 aka PR29677
* bsc#1214624 aka CVE-2022-47695 aka PR29846
* bsc#1214625 aka CVE-2022-47673 aka PR29876
- Add binutils-disable-dt-relr.sh for an compatibility problem
caused by binutils-revert-rela.diff in SLE codestreams.
Needed for update of glibc as that would otherwise pick up
the broken relative relocs support. [bsc#1213282, PED-1435]
- This only existed only for a very short while in SLE-15, as the main
variant in devel:gcc subsumed this in binutils-revert-rela.diff.
Hence:
- Remove binutils-disable-dt-relr.sh as subsumed.
- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
ld/25694
- riscv-pr22263-1.patch: Backport for PR ld/22263
- Rebase branch patch (includes fix for PR30281).
- Document fixed CVEs:
* bnc#1208037 aka CVE-2023-25588 aka PR29677
* bnc#1208038 aka CVE-2023-25587 aka PR29846
* bnc#1208040 aka CVE-2023-25585 aka PR29892
* bnc#1208409 aka CVE-2023-0687 aka PR29444
- Enable bpf-none cross target and add bpf-none to the multitarget
set of supported targets.
- Disable packed-relative-relocs for old codestreams. They generate
buggy relocations when binutils-revert-rela.diff is active.
[bsc#1206556]
- Disable ZSTD debug section compress by default.
- Enable zstd compression algorithm (instead of zlib)
for debug info sections by default.
- Pack libgprofng only for supported platforms.
- Remove upstreamed patch binutils-maxpagesize.diff.
- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
of the package).
- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]
- Update to version 2.40:
* Objdump has a new command line option --show-all-symbols which will make it
display all symbols that match a given address when disassembling. (Normally
only the first symbol that matches an address is shown).
* Add --enable-colored-disassembly configure time option to enable colored
disassembly output by default, if the output device is a terminal. Note,
this configure option is disabled by default.
* DCO signed contributions are now accepted.
* objcopy --decompress-debug-sections now supports zstd compressed debug
sections. The new option --compress-debug-sections=zstd compresses debug
sections with zstd.
* addr2line and objdump --dwarf now support zstd compressed debug sections.
* The dlltool program now accepts --deterministic-libraries and
- -non-deterministic-libraries as command line options to control whether or
not it generates deterministic output libraries. If neither of these options
are used the default is whatever was set when the binutils were configured.
* readelf and objdump now have a newly added option --sframe which dumps the
SFrame section.
* Add support for Intel RAO-INT instructions.
* Add support for Intel AVX-NE-CONVERT instructions.
* Add support for Intel MSRLIST instructions.
* Add support for Intel WRMSRNS instructions.
* Add support for Intel CMPccXADD instructions.
* Add support for Intel AVX-VNNI-INT8 instructions.
* Add support for Intel AVX-IFMA instructions.
* Add support for Intel PREFETCHI instructions.
* Add support for Intel AMX-FP16 instructions.
* gas now supports --compress-debug-sections=zstd to compress
debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
that selects the default compression algorithm
for --enable-compressed-debug-sections.
* Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
ISA manual, which are implemented in the Allwinner D1.
* Add support for the RISC-V Zawrs extension, version 1.0-rc4.
* Add support for Cortex-X1C for Arm.
* New command line option --gsframe to generate SFrame unwind information
on x86_64 and aarch64 targets.
* The linker has a new command line option to suppress the generation of any
warning or error messages. This can be useful when there is a need to create
a known non-working binary. The option is -w or --no-warnings.
* ld now supports zstd compressed debug sections. The new option
- -compress-debug-sections=zstd compresses debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
that selects the default compression algorithm
for --enable-compressed-debug-sections.
* Remove support for -z bndplt (MPX prefix instructions).
- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
cross-avr-size.patch.
- Removed patch: binutils-pr29482.diff.
- New patch: extensa-gcc-4_3-fix.diff.
- Includes fixes for these CVEs:
* bnc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.
- fix build on x86_64_vX platforms
- openssl-1_0_0
-
- Security fix: (bsc#1213853, CVE-2023-3817)
* Fix excessive time spent checking DH q parameter value
(bsc#1213853, CVE-2023-3817). The function DH_check() performs
various checks on DH parameters. After fixing CVE-2023-3446 it
was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A
correct q value, if present, cannot be larger than the modulus
p parameter, thus it is unnecessary to perform these checks if
q is larger than p. If DH_check() is called with such q parameter
value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
computationally intensive checks are skipped.
* Add openssl-1_0-CVE-2023-3817.patch
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Reworked openssl-CVE-2022-4304.patch
* Refreshed openssl-CVE-2023-0286.patch
- openssl-1_1
-
- Security fix: (bsc#1213853, CVE-2023-3817)
* Fix excessive time spent checking DH q parameter value
(bsc#1213853, CVE-2023-3817). The function DH_check() performs
various checks on DH parameters. After fixing CVE-2023-3446 it
was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A
correct q value, if present, cannot be larger than the modulus
p parameter, thus it is unnecessary to perform these checks if
q is larger than p. If DH_check() is called with such q parameter
value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
computationally intensive checks are skipped.
* Add openssl-1_1-CVE-2023-3817.patch
- Dont pass zero length input to EVP_Cipher because assembler
optimized AES cannot handle zero size. [bsc#1213517]
* Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Add openssl-CVE-2022-4304.patch
* Removed patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
* Refreshed openssl-CVE-2023-0286.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944
- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
(bsc#1210799, bsc#1201399)
- 0.943
- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
UEFI platforms (bsc#1208003)
- 0.942
- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941
- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
(bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
jsc#SLE-18271).
- 0.937
- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936
- merge gh#openSUSE/perl-bootloader#135
- fix typo in update-bootloader
- 0.935
- merge gh#openSUSE/perl-bootloader#134
- install with --removable if efivars are not writable
(bsc#1182749, bsc#1174111, bsc#1184160)
- fix whitespace
- 0.934
- merge gh#openSUSE/perl-bootloader#133
- use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020)
- 0.933
- merge gh#openSUSE/perl-bootloader#131
- grub2 install: honor UPDATE_NVRAM in /etc/sysconfig/bootloader
(bsc#1157550 jsc#SLE-11500).
- 0.932
- merge gh#openSUSE/perl-bootloader#129
- Check tpm.mod in the new grub2 directory (bsc#1174320)
- 0.931
- merge gh#openSUSE/perl-bootloader#130
- Throw less warnings about fstab
- 0.930
- merge gh#openSUSE/perl-bootloader#128
- Do not warn about missing SECURE_BOOT sysconfig
- 0.929
- merge gh#openSUSE/perl-bootloader#127
- use correct target name on aarch64 (bsc#1172293)
- 0.928
- merge gh#openSUSE/perl-bootloader#126
- always install EFI fallback boot for aarch64 (bsc#1167015)
- 0.927
- merge gh#openSUSE/perl-bootloader#123
- Accept sysconfig values without quotes
- 0.926
- merge gh#openSUSE/perl-bootloader#122
- Replace --suse-signed-grub by --suse-force-signed to follow
update from boo#1136601
- 0.925
- merge gh#openSUSE/perl-bootloader#121
- Fix secureboot on aarch64 (boo#1136601)
- [RFC] Fix secureboot on aarch64 (boo#1136601)
- 0.924
- cryptsetup
-
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
* Check for physical memory available also in PBKDF benchmark.
* Try to avoid OOM killer on low-memory systems without swap.
* Use only half of detected free memory on systems without swap.
* Add patches:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
- python-azure-mgmt-appconfiguration
-
- Downgrade to upstream version 0.6.0
- Update Requires from setup.py
- libdb-4_8
-
- Fix incomplete license tag. [bsc#1099695]
- cloud-regionsrv-client
-
- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
+ Clean up the system if baseproduct registraion fails to leave the
system in prestine state
+ Log when the registercloudguest command is invoked with --clean
- _product:SLES-release
-
n/a
- cups
-
- cups-1.7.5-CVE-2023-4504.patch fixes CVE-2023-4504
"CUPS PostScript Parsing Heap Overflow"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
bsc#1215204
- cups-1.7.5-CVE-2023-32360.patch fixes CVE-2023-32360
"Information leak through Cups-Get-Document operation"
by requiring authentication for CUPS-Get-Document in cupsd.conf
https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
bsc#1214254
- cups-1.7.5-additional_policies.patch is an updated version
of cups-1.7-additional_policies.patch that replaces it
to add the 'allowallforanybody' policy to cupsd.conf
after cups-1.7.5-CVE-2023-32360.patch was applied
- cups-1.7.5-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
- python3-requests
-
- Add CVE-2023-32681.patch to fix unintended leak of
Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
Upstream commit: gh#psf/requests@74ea7cf7a6a2
- gawk
-
- format-tree-positional-arg.patch: Validate index into argument list
(CVE-2023-4156, bsc#1214025)
- libzypp
-
- curl: Trim user agent and custom header strings (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. Violation
results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 16.22.8 (0)
- insserv-compat
-
- remove not needed named entry from insserv.conf (bsc#1052837,
bsc#1212955)
- parted
-
- fix dm sector size (bsc#1186371)
- add: libparted-dm-sector-size.patch
- python-requests
-
- Add CVE-2023-32681.patch to fix unintended leak of
Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
Upstream commit: gh#psf/requests@74ea7cf7a6a2
- util-linux-systemd
-
- Add upstream patch util-linux-bash-completion-shell-character-escape-CVE-2018-7738.patch
Fix shell code injection in umount bash-completions (bsc#1213865, CVE-2018-7738)
- util-linux-fix-tests-when-at-symbol-in-path.patch:
Add patch to util-linux-systemd and python3-libmount, as it was
previously only included in util-linux.
- vim
-
- Updated to version 9.0 with patch level 1572, fixes the following security problems
* Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
* Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
* Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
* Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
* Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
* Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1386...v9.0.1572
- python-pip
-
- Remove .exe files from package (bsc#1212015)
- python-base
-
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
gh#python/cpython#108310, backport from upstream patch
gh#python/cpython#108315
(bsc#1214692, CVE-2023-40217)
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built
- The condition around libnsl-devel BuildRequires is NOT
switching off NIS support on SLE < 15, support for NIS used to
be in the glibc itself. Partial revert of sr#1061583.
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
the documentation even with the current Sphinx. (SUSE-ONLY
PATCH, DO NOT SEND UPSTREAM!)
- Enable --with-system-ffi for non-standard architectures.
- SLE-12 builds nis.so as well.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
for SLE-12.
- yast2-samba-client
-
- Use translation macro for range settings expert details text;
(bsc#1197936).
- 3.1.24
- python36
-
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
gh#python/cpython#108310, backport from upstream patch
gh#python/cpython#108315
(bsc#1214692, CVE-2023-40217)
- bind
-
- Security Fix:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit.
[bsc#1212544, CVE-2023-2828, bind-CVE-2023-2828.patch]
- samba
-
- secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).
- CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).
- gcc12
-
- Add gcc12-aarch64-bsc1214052.patch to fix -fstack-protector issues
with variable length stack allocations on aarch64.
Fixes CVE-2023-4039. [bsc#1214052]
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
* remove gcc12-fifo-jobserver-support.patch which is now
included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
gcc12-riscv-pthread.patch: handle subword size inline atomics
(needed by several openSUSE packages)
- krb5
-
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
(CVE-2023-36054);
- Added patches:
* 0127-Ensure-array-count-consistency-in-kadm5-RPC.patch
- dbus-1-x11
-
- Sometimes unprivileged users were able to crash dbus-daemon
(CVE-2023-34969, bsc#1212126)
* fix-upstream-CVE-2023-34969.patch
- kernel-default
-
- s390/cio: cio_ignore_proc_seq_next should increase position
index (git-fixes bsc#1215057).
- commit 128857d
- s390/dasd/cio: Interpret ccw_device_get_mdc return value
correctly (git-fixes bsc#1215049).
- commit a97aee2
- s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
(git-fixes bsc#1215046).
- commit 44d01f3
- s390/uaccess: avoid (false positive) compiler warnings
(git-fixes bsc#1215041).
- commit 59bf770
- s390/qdio: add sanity checks to the fast-requeue path (git-fixes
bsc#1215038).
- commit b52d0b2
- s390/kasan: fix strncpy_from_user kasan checks (git-fixes
bsc#1215037).
- commit 9a9cc75
- s390: zcrypt: initialize variables before_use (git-fixes
bsc#1215036).
- commit 4af7ade
- s390/pkey: add one more argument space for debug feature entry
(git-fixes bsc#1215035).
- commit 06b1fa0
- s390/dasd: Fix capacity calculation for large volumes (git-fixes
bsc#1215034).
- commit 3bac622
- s390/zcrypt: improve special ap message cmd handling (git-fixes
bsc#1215032).
- commit 13e8aa1
- s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes
bsc#1215028).
- commit b9151e6
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
(bsc#1214233 CVE-2023-40283).
- commit eabaa85
- drm/vmwgfx: Test shader type against SVGA3d_SHADERTYPE_MIN (bsc#1203517 CVE-2022-36402)
- commit 90f1895
- add upstream tags to a few pci-hyperv patches
- commit a255269
- sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes).
- sched/fair: Don't NUMA balance for kthreads (git fixes).
- sched/core: Check quota and period overflow at usec to nsec
conversion (git fixes).
- sched/core: Handle overflow in cpu_shares_write_u64 (git fixes).
- sched/cpufreq: Fix kobject memleak (git fixes).
- sched/topology: Fix off by one bug (git fixes).
- commit 1834f8f
- blacklist.conf: Cosmetic, not fix
- commit 59cf877
- blacklist.conf: Relatively high-risk given the lack of a customer bug
- commit b474f56
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
(git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit 1d90748
- blacklist.conf: optimization
- commit 117c6b0
- blacklist.conf: obsoleted by later patch
- commit 260ff3e
- blacklist.conf: kABI
- commit e0a5839
- blacklist.conf: kABI
- commit 980539d
- blacklist.conf: optimization
- commit 2fe1477
- scsi: qla2xxx: Remove unused variables in
qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
(bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option
(bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer
(bsc#1214928).
- scsi: qla2xxx: Add logs for SFP temperature monitoring
(bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset
(bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- commit e3144fe
- series: update metadata qla2xxx
- Refresh
patches.suse/scsi-qla2xxx-Adjust-IOCB-resource-on-qpair-create.patch.
- Refresh patches.suse/scsi-qla2xxx-Fix-TMF-leak-through.patch.
- Refresh
patches.suse/scsi-qla2xxx-Fix-command-flush-during-TMF.patch.
- Refresh
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch.
- Refresh
patches.suse/scsi-qla2xxx-Fix-erroneous-link-up-failure.patch.
- Refresh patches.suse/scsi-qla2xxx-Fix-session-hang-in-gnl.patch.
- Refresh
patches.suse/scsi-qla2xxx-Limit-TMF-to-8-per-function.patch.
- Refresh
patches.suse/scsi-qla2xxx-Turn-off-noisy-message-log.patch.
- Refresh
patches.suse/scsi-qla2xxx-Update-version-to-10.02.08.500-k.patch.
- Refresh
patches.suse/scsi-qla2xxx-fix-inconsistent-TMF-timeout.patch.
- commit a78c0e0
- blacklist: add nvme-tcp/nvme-rdma path freeze patches
- commit bfd23fd
- module: avoid allocation if module is already present and ready
(bsc#1213921).
- commit ea88fa3
- module: move check_modinfo() early to early_mod_check()
(bsc#1213921).
- commit 4dd579c
- module: move early sanity checks into a helper (bsc#1213921).
- commit 2966d5d
- module: extract patient module check into helper (bsc#1213921).
- commit ee26ffe
- blacklist.conf: Drop invplg patch
- commit 6d986f2
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- commit 3755873
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- commit 4f2adfa
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- commit 059349a
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit ebd4ce9
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- commit 2e7ba0d
- x86/bugs: Reset speculation control settings on init (git-fixes).
- commit ef1a64e
- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
- commit 819086a
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit a399606
- x86/microcode/AMD: Load late on both threads too (git-fixes).
- commit 1a17c86
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- commit 80a2dc8
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- commit 2702ba0
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit 723e612
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit ee9c9b3
- blacklist.conf: Ignore a bunch of useless patches
They primarily relate to the GDS mitigations but have some implicit
dependencies which aren't satisfied in SLE12-SP5 hence can't be
backported without breaking the boot flow.
- commit 8a7a083
- NFS: Guard against READDIR loop when entry names exceed
MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies
(git-fixes).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- NFSD: add encoding of op_recall flag for write delegation
(git-fixes).
- commit 9627d5e
- blacklist.conf: optimization
- commit 0093119
- blacklist.conf: optimization
- commit 8d089ae
- Bluetooth: nokia: fix value check in
nokia_bluetooth_serdev_probe() (git-fixes).
- commit 65ce64f
- SUNRPC: always clear XPRT_SOCK_CONNECTING before
xprt_clear_connecting on TCP xprt (bsc#1214453).
- commit 262ee00
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
- commit bb71e26
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
(git-fixes).
- commit 699a0f7
- USB: serial: simple: sort driver entries (git-fixes).
- commit cd31a2c
- USB: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- commit 01910f6
- blacklist.conf: Add 541676078b52 membarrier: Disable preemption when calling smp_call_function_many()
- commit abc325d
- blacklist.conf: Add 295d6d5e3736 sched/deadline: Fix switching to -deadline
- commit eabea96
- blacklist.conf: Add ad789f84c9a1 sched/debug: Fix cgroup_path[] serialization
- commit 668acbe
- blacklist.conf: Add a46d14eca7b7 sched/fair: Use rq_lock/unlock in online_fair_sched_group
- commit f2e125e
- USB: serial: option: add Quectel EC200A module support
(git-fixes).
- commit 6a79fcc
- USB: serial: option: support Quectel EM060K_128 (git-fixes).
- commit 08d37b2
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- commit 8761a7d
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- commit f1fab77
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit b920356
- net-sysfs: Call dev_hold always in rx_queue_add_kobject
(git-fixes).
- commit 90595e2
- net-sysfs: Call dev_hold always in netdev_queue_add_kobject
(git-fixes).
- commit 890c248
- net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
- commit 29ae172
- blacklist.conf: add drivers/net/arcnet/
- commit 49ea450
- blacklist.conf: add CAIF drivers
- commit e788b55
- blacklist.conf: add CONFIG_WAN and CONFIG_IEEE802154 drivers
- commit 26fa349
- blacklist.conf: add CONFIG_ROSE
- commit 9103b7d
- blacklist.conf: add CONFIG_DECNET
- commit ffa631c
- blacklist.conf: add CONFIG_PHONET
- commit bd0a4a9
- blacklist.conf: add CONFIG_NETROM
- commit f7b4f72
- blacklist.conf: add CONFIG_X25
- commit 482c65e
- blacklist.conf: add CONFIG_IEEE802154
- commit 3234431
- blacklist.conf: update blacklist
- commit 9ca64d4
- netfilter: ipset: Fix an error code in ip_set_sockfn_get()
(git-fixes).
- commit 9e5e119
- bridge: ebtables: don't crash when using dnat target in output
chains (git-fixes).
- commit 6755ab5
- net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
- commit ba3b4ef
- xfrm: release device reference for invalid state (git-fixes).
- commit edb4011
- net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes).
- commit fc2b65b
- blacklist.conf: add CONFIG_BATMAN_ADV
- commit 4a7aeb7
- net: mana: add support for XDP_QUERY_PROG (jsc#SLE-18779, bsc#1214209).
- commit 2072e0b
- Input: cyttsp4_core - change del_timer_sync() to
timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 3678dd9
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit 7b74a19
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit c7be7bc
- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
(bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
(bsc#1213601 CVE-2023-3863).
- commit d4622dc
- nfc: Fix to check for kmemdup failure (bsc#1213601
CVE-2023-3863).
Refresh
patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch.
patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch.
patches.suse/net-nfc-fix-use-after-free-llcp_sock_bind-connect.patch.
- commit 8e06144
- Refresh patches.suse/x86-srso-add-ibpb.patch.
CPU_IBPB_ENTRY is non-existant on our kernels and we effectively always
have it enabled, adjust patch accordingly.
- commit ef69893
- x86/vmware: Enable steal time accounting (bsc#1210327).
- commit af543f3
- x86/vmware: Add steal time clock support for VMware guests
(bsc#1210327).
- commit 7743a65
- x86/cpu/vmware: Fix platform detection VMWARE_PORT macro
(bsc#1210327).
- commit ea2bc47
- x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL,
for clang/llvm (bsc#1210327).
- commit 1575f32
- x86/cpu/vmware: Use the full form of INL in VMWARE_PORT
(bsc#1210327).
- commit 2a67cd9
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1214451 CVE-2023-4459).
- commit 070c8ea
- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 8a99b91
- blacklist.conf: add drivers/net/ethernet/lantiq_etop.c
- commit 26afac4
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- commit bda0298
- tun: fix bonding active backup with arp monitoring (git-fixes).
- commit 60e162e
- bonding: Fix a use-after-free problem when
bond_sysfs_slave_add() failed (git-fixes).
- commit 7b40920
- USB: serial: option: add support for VW/Skoda "Carstick LTE"
(git-fixes).
- commit 7c6d92a
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- commit 6429943
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- commit e6e99a8
- net: tun: fix bugs for oversize packet when napi frags enabled
(bsc#1213543 CVE-2023-3812).
- commit 6b178d4
- USB: serial: cp210x: add SCALANCE LPE-9000 device id
(git-fixes).
- commit 533d12f
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- commit dc34ec6
- USB: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- commit b8ed016
- Refresh
patches.suse/USB-serial-option-add-Quectel-EM05-G-modem.patch.
- commit df40afb
- Refresh
patches.suse/USB-serial-option-add-support-for-u-blox-LARA-R6-fam.patch.
- commit 13f6793
- USB: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- commit 7f1436c
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit e345bea
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit 71144e1
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit bf1a2fa
- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit a6086d7
- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
CVE-2023-3772).
- commit fa1caab
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 2cfb3ab
- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 1310fe3
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit e7d0cb6
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit ddb54e9
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- commit 19c2705
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 9b3cb5f
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit 3c5d037
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit ee484fd
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 87ffd8d
- Update config files. Drop the dpt_i2o kernel module.
For: jsc#PED-4579, CVE-2023-2007
- commit 55a7a29
- fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1214348 CVE-2023-4385).
- commit 47225b2
- blacklist.conf: add drivers/net/ethernet/fujitsu/
- commit 3029931
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1214350 CVE-2023-4387).
- commit a117715
- blacklist.conf: kABI
- commit d3731cb
- patches.suse/btrfs-allow-use-of-global-block-reserve-for-balance-.patch:
(bsc#1214335).
- commit 22c271f
- blacklist.conf: too risky
- commit 711552b
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- commit 96d510e
- usb: xhci: Check endpoint is valid before dereferencing it
(git-fixes).
- commit 759ec87
- xhci-pci: set the dma max_seg_size (git-fixes).
- commit fed4fe1
- xhci: Remove device endpoints from bandwidth list when freeing
the device (git-fixes).
- commit 841d8bb
- usb: host: xhci: Fix potential memory leak in
xhci_alloc_stream_info() (git-fixes).
- commit c04f324
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
git-fixes).
- commit 4b78272
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit 04ecd0c
- net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
- commit c65eb1d
- udp6: Fix race condition in udp6_sendmsg & connect (git-fixes).
- commit 8bfe338
- af_unix: Fix a data race of sk->sk_receive_queue->qlen
(git-fixes).
- commit fa2c287
- af_key: Fix send_acquire race with pfkey_register (git-fixes).
- commit f3afa57
- af_packet: fix data-race in packet_setsockopt /
packet_setsockopt (git-fixes).
- commit 67256be
- blacklist.conf: Add a07db5c08657 sched/core: Fix CPU controller for !RT_GROUP_SCHED
- commit dd8fafd
- blacklist.conf: Add 354d77930706 sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
- commit 9062495
- net/af_unix: fix a data-race in unix_dgram_sendmsg /
unix_release_sock (git-fixes).
- commit 210495b
- udp: fix race between close() and udp_abort() (git-fixes).
- commit a5be337
- skbuff: fix a data race in skb_queue_len() (git-fixes).
- commit 5ea9284
- packet: fix data-race in fanout_flow_is_huge() (git-fixes).
- commit 4e14632
- net: icmp: fix data-race in cmp_global_allow() (git-fixes).
- Refresh
patches.suse/icmp-randomize-the-global-rate-limiter.patch.
- commit ac95ea3
- inetpeer: fix data-race in inet_putpeer / inet_putpeer
(git-fixes).
- commit 80a2ee8
- packet: unconditionally free po->rollover (git-fixes).
- commit b37ed03
- media: usb: siano: Fix warning due to null work_func_t function
pointer (bsc#1213969 CVE-2023-4132).
- commit 75a6a97
- media: usb: siano: Fix use after free bugs caused by
do_submit_urb (bsc#1213969 CVE-2023-4132).
- commit 4613c3a
- netfilter: nf_conntrack: Fix possible possible crash on module
loading (git-fixes).
- commit 6f6cadf
- blacklist.conf: update blacklist
- commit f72ef52
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit 9cd20c4
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit f41c2a0
- net/sched: cls_route: No longer copy tcf_result on update to
avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update to
avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit c462108
- Sort latest foray of security patches
- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 6e04a2d
- s390/dasd: fix hanging device after quiesce/resume (git-fixes
bsc#1214157).
- commit a759906
- cxgb4: fix use after free bugs caused by circular dependency
problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
(bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
(bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
(bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
function (bsc#1213970).
- commit 7812c75
- xen/netback: Fix buffer overrun triggered by unusual packet
(CVE-2023-34319, XSA-432, bsc#1213546).
- commit 3798a75
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit c9296b1
- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 18888c5
- blacklist.conf: ("arm64: Use correct ll/sc atomic constraints")
- commit fe276b3
- blacklist.conf: ("arm64: Avoid redundant type conversions in xchg() and cmpxchg()")
- commit bd2ee86
- bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
- commit 17e6299
- bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
- commit 07a4057
- arm64: vdso: Fix clock_getres() for CLOCK_REALTIME (git-fixes)
- commit ebeacd1
- arm64: Re-enable support for contiguous hugepages (git-fixes)
- commit ebd168a
- ubifs: fix snprintf() checking (git-fixes).
- commit 43c222a
- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
bsc#1214019).
- net: tun_chr_open(): set sk_uid from current_fsuid()
(CVE-2023-4194 bsc#1214019).
- commit 82ba5a9
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes).
- commit d93f525
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- commit 0dc7589
- fs: hfsplus: remove WARN_ON() from
hfsplus_cat_{read,write}_inode() (git-fixes).
- commit 90060d8
- nfsd: Remove incorrect check in nfsd4_validate_stateid
(git-fixes).
- commit 8542ece
- Update config files. - Refresh patches.suse/x86-srso-add-srso_no-support.patch.
Ensure SRSO is always built and also ensure that msr interception works
correctly when writing to PRED_CMD msr with the SRSO_NO capability
present.
- commit c88c60d
- patches.kabi/cpufeatures-kabi-fix.patch: (bsc#1213287, CVE-2023-20569).
x86 bug bits alias into cap bits. However with the introduction of the
kABI fix for CPUID bits bug and cap ints need to be handled separately.
- commit 335c50e
- s390/ftrace: fix endless recursion in function_graph tracer
(git-fixes bsc#1213912).
- commit dee4f50
- s390/time: ensure get_clock_monotonic() returns monotonic values
(git-fixes bsc#1213911).
- commit 5c3c506
- s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes
bsc#1213910).
- commit b02a979
- s390/cpum_sf: Avoid SBD overflow condition in irq handler
(git-fixes bsc#1213908).
- commit a9dbd12
- s390/smp: __smp_rescan_cpus() - move cpumask away from stack
(git-fixes bsc#1213906).
- commit c4dc11f
- s390/smp: fix physical to logical CPU map for SMT (git-fixes
bsc#1213904).
- commit 8c91a3b
- blacklist.conf: cleanup commit
- commit 4d18b38
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- commit d1428d0
- blacklist.conf: This is a feature
- commit 99bb16b
- s390/jump_label: print real address in a case of a jump label
bug (git-fixes bsc#1213899).
- commit c684264
- kabi fix test
- commit 87ce69f
- bpf: add missing header file include (bsc#1211738
CVE-2023-0459).
- commit ca4ea63
- s390/cpum_sf: Adjust sampling interval to avoid hitting sample
limits (git-fixes bsc#1213827).
- commit 8ee8817
- s390/maccess: add no DAT mode to kernel_write (git-fixes
bsc#1213825).
- commit bab3d2c
- vfio-ccw: Release any channel program when releasing/removing
vfio-ccw mdev (git-fixes bsc#1213823).
- commit 60eb99d
- vfio-ccw: Prevent quiesce function going into an infinite loop
(git-fixes bsc#1213819).
- commit 123e763
- Update
patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports
(git-fixes bsc#1202670).
- commit dacbbc4
- Update
patches.suse/s390-dasd-fix-no-record-found-for-raw_track_access.patch
(git-fixes bsc#1212266 bsc#1207528).
- commit ae7fc88
- blacklist.conf: build warnings only
- commit 6609aaf
- media: videodev2.h: Fix struct v4l2_input tuner index comment
(git-fixes).
- commit 5a43e28
- block: Fix a source code comment in
include/uapi/linux/blkzoned.h (git-fixes).
- commit d8748d6
- blacklist.conf: kABI
- commit 2515e35
- blacklist.conf: kABI
- commit ec2e2d5
- blacklist.conf: kABI
- commit d01b20b
- blacklist.conf: irrelevant because you are not to do upstream
development with a SLE12 kernel
- commit 1dcedba
- blacklist.conf: irrelevant build fix
- commit db201cc
- blacklist.conf: irrelevant build fix
- commit ef696c2
- blacklist.conf: irrelevant build fix
- commit e324526
- blacklist.conf: irrelevant build fix
- commit 280f872
- livepatch: check kzalloc return values (git-fixes).
- commit c090f07
- virtio_net: bugfix overflow inside xdp_linearize_page()
(git-fixes).
- commit b6531dc
- virtio-net: Keep stop() to follow mirror sequence of open()
(git-fixes).
- commit 6c6da5a
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- commit 95a2d87
- virtio_net: fix xdp_rxq_info bug after suspend/resume
(git-fixes).
- commit cededae
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (git-fixes).
- commit cc5a462
- s390/numa: move initial setup of node_to_cpumask_map (git-fixes
bsc#1213766).
- commit 44aa432
- net/sched: cls_u32: Fix reference counter leak leading to
overflow (CVE-2023-3609 bsc#1213586).
- commit a166dc2
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(git-fixes).
- commit fb88881
- blacklist.conf: triggers kABI check (bsc#1213350)
- commit c36a4a3
- blacklist.conf: just a cleanup that doesn't fix anything
- commit bef0bce
- blacklist.conf: a fix for never packported patch
- commit e2e42cd
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- commit e283c32
- vhost/vsock: don't check owner in vhost_vsock_stop() while
releasing (git-fixes).
- commit 6e93d45
- net/sched: cls_fw: Fix improper refcount update leads to
use-after-free (CVE-2023-3776 bsc#1213588).
- commit 0349f73
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
(CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
(bsc#1213585).
- blacklist follow-up commit 158810b261d0 ("net/sched: sch_qfq: reintroduce
lmax bound check for MTU") as unlike the original upstream commit, our
backport does not remove the check
- commit 5488c28
- net: skip virtio_net_hdr_set_proto if protocol already set
(git-fixes).
- commit 8780cf7
- virtio_ring: Fix querying of maximum DMA mapping size for
virtio device (git-fixes).
- commit 8dacd2d
- vhost/vsock: fix incorrect used length reported to the guest
(git-fixes).
- commit 2a64a7c
- net: virtio_net_hdr_to_skb: count transport header in UFO
(git-fixes).
- commit 9757e32
- vhost_net: fix OoB on sendmsg() failure (git-fixes).
- commit 88459d6
- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 14120fa
- vringh: Use wiov->used to check for read/write desc order
(git-fixes).
- commit 6df31aa
- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 373f015
- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 447a133
- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- commit 8553516
- vhost: Fix the calculation in vhost_overflow() (git-fixes).
- commit 53b92b7
- Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch.
Remove the patch due to causing bsc#1213705.
- commit 3f5780d
- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit 52998d3
- virtio: Improve vq->broken access to avoid any compiler
optimization (git-fixes).
- commit e78eee9
- virtio_net: Fix error handling in virtnet_restore() (git-fixes).
- commit 6e0d3eb
- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 631311e
- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 00b523c
- vringh: fix __vringh_iov() when riov and wiov are different
(git-fixes).
- commit fc76995
- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit ef43cae
- vhost/vsock: fix packet delivery order to monitoring devices
(git-fixes).
- commit 23364e7
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
(bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- commit ccb6c62
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
(bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
(bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
(bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
(bsc#1213747).
- commit f23fa07
- virtio-balloon: fix managed page counts when migrating pages
between zones (git-fixes).
- commit 5ada11d
- vhost/vsock: split packets to send using multiple buffers
(git-fixes).
- commit e3832ce
- vhost/test: fix build for vhost test (git-fixes).
- commit 1e9d49e
- vsock/virtio: stop workers during the .remove() (git-fixes).
- commit 1f19f2b
- vsock/virtio: use RCU to avoid use-after-free on
the_virtio_vsock (git-fixes).
- commit a525dd1
- kernel-binary.spec.in: Remove superfluous %% in Supplements
Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74
- vhost_net: disable zerocopy by default (git-fixes).
- commit 05e0782
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- commit 2f31c71
- scripts/CKC: mark local variables as such
The default global and dynamic scope nature of bash variables is causing
some race conditions. For example, missing hashes are sometimes printed
and sometimes not, depending on what is found in $missing variable. For
loops and functions are polluting global namespace with outdated state
that is being picked up on their next run. We should religiously mark
local variables as such unless we want to explicity do global store.
- commit 34619f5
- git_sort: netdev remotes switched from master to main branch
- commit 3544134
- s390/cio: check the subchannel validity for dev_busid
(bsc#1207526).
- commit 512a26a
- s390/cio: add dev_busid sysfs entry for each subchannel
(bsc#1207526).
- commit ff8d9d4
- s390/cio: introduce io_subchannel_type (bsc#1207526).
- Refresh
patches.suse/s390-cio-generate-delayed-uevent-for-vfio-ccw-subchannels.
- commit c7d1471
- vc_screen: don't clobber return value in vcs_read (bsc#1213167
CVE-2023-3567).
- vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167
CVE-2023-3567).
- vc_screen: move load of struct vc_data pointer in vcs_read()
to avoid UAF (bsc#1213167 CVE-2023-3567).
- commit d1352c9
- x86/microcode/AMD: Make stub function static inline (bsc#1213286, CVE-2023-20593)
Refresh patches.suse/x86-cpu-amd-add-a-zenbleed-fix.patch.
- commit 78a62d1
- svcrdma: Prevent page release when nothing was received
(git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd()
(git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status
(git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
(git-fixes).
- commit 2c4e751
- blacklist.conf: added drbd git-fix to ignore
- commit c682535
- blacklist.conf: Add a not-relevant ftrace fix
- commit 95f476b
- ring-buffer: Fix deadloop issue on reading trace_pipe
(git-fixes).
- commit 2ca6140
- README.BRANCH: Add myself as co-maintainer
- commit 432c0e5
- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit 363876a
- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit 89ac44a
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
(CVE-2023-35001 bsc#1213059).
- commit 846f417
- fuse: revalidate: don't invalidate if interrupted (bsc#1213525).
- commit d6449dc
- uaccess: Add speculation barrier to copy_from_user()
(bsc#1211738 CVE-2023-0459).
- commit 8370997
- ocfs2: fix use-after-free when unmounting read-only filesystem
(git-fixes).
- commit 2b3e0de
- ocfs2: check new file size on fallocate call (git-fixes).
- commit 39f6614
- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit 9c7bbf1
- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit 06feaef
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 722987b
- blacklist.conf: risk of regression
- commit 77e520e
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- commit 5e781fe
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- commit a5c215c
- blacklist.conf: kABI
- commit 272efb8
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- commit a3f4bd9
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- commit 0683869
- powerpc/security: Fix Speculation_Store_Bypass reporting on
Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc/64: Update Speculation_Store_Bypass in
/proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes).
- commit c14b3fc
- Refresh
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit ed0f049
- Refresh
patches.suse/cifs-split-out-ses-and-tcon-retrieval-from-mount_get_conns-.patch.
- Refresh
patches.suse/cifs-support-nested-dfs-links-over-reconnect.patch.
Fix backport of
patches.suse/cifs-support-nested-dfs-links-over-reconnect.patch
(bsc#1212871)
- commit 3f2dafd
- blacklist.conf: fix for patch that is not included
- commit 8426871
- s390/perf: Return error when debug_register fails (git-fixes
bsc#1212657).
- commit 0fcfe58
- Update patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch
(bsc#1087082 CVE-2018-3639 bsc#1207561).
- commit cdd6858
- Update patches.suse/08-x86-bugs-provide-boot-parameters-for-the-spec_store_bypass_disable-mitigation.patch
(bsc#1087082 CVE-2018-3639 bsc#1207561).
- commit 35a0609
- rpm: Update dependency to match current kmod.
- commit d687dc3
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
(git-fixes).
- commit 8095fd4
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6c36377
- uas: ignore UAS for Thinkplus chips (git-fixes).
- commit 6536763
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- commit 454dfcf
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- commit 49cc350
- USB: hcd-pci: Fully suspend across freeze/thaw cycle
(git-fixes).
- commit 9d12426
- usb: hub: Add delay for SuperSpeed hub resume to let links
transit to U0 (git-fixes).
- commit ec30965
- usb: core: hub: Disable autosuspend for Cypress CY7C65632
(git-fixes).
- Refresh
patches.suse/usb-core-hub-disable-autosuspend-for-TI-TUSB8041.patch.
- commit 3ec99e4
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit 304caaa
- x86: Fix return value of __setup handlers (git-fixes).
- commit 53fc9a6
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 873671b
- x86/cpu: Load microcode during restore_processor_state() (git-fixes).
- commit e7bd394
- x86/bugs: Remove apostrophe typo (git-fixes).
- commit 972a8b3
- x86/bugs: Enable STIBP for JMP2RET (git-fixes).
- Refresh patches.suse/x86-bugs-enable-stibp-for-ibpb-mitigated-retbleed.patch.
- commit c8acef1
- x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes).
- commit ba92ee5
- blacklist.conf: cosmetic change
- commit 4490310
- s390: limit brk randomization to 32MB (git-fixes bsc#1213346).
- commit 99a7771
- s390/perf: Change CPUM_CF return code in event init function
(git-fixes bsc#1213344).
- commit 8991783
- git_sort: Add OF fixes branch.
- commit 2b00b1d
- blacklist.conf: cleanup designed to break kABI
- commit 9af40cb
- net: mana: Add support for vlan tagging (bsc#1212301).
- commit 9f17643
- s390/dasd: fix memleak in path handling error case (git-fixes
bsc#1213221).
- commit d16f3d6
- vfio-ccw: Do not call flush_workqueue while holding the spinlock
(git-fixes bsc#1213218).
- commit 99ea851
- vfio-ccw: fence off transport mode (git-fixes bsc#1213215).
- commit 09eec4a
- blacklist.conf: license change
- commit 092eb89
- btrfs: fix resolving backrefs for inline extent followed by
prealloc (bsc#1213133).
- commit 9143ce4
- fs: hfsplus: fix UAF issue in hfsplus_put_super (bsc#1211867, CVE-2023-2985).
- commit 0939c1b
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- commit 3699a6e
- Update metadata
- commit 4f06ed0
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103
- powerpc/mm/dax: Fix the condition when checking if altmap
vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- commit 49e2ec1
- ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
size (bsc#1210584).
- commit 4331e8e
- scripts/gitlog2changes: Handle SSH signatures
Commit a384f306f91 (Fix parsing of GPG-signed commit) added the ability
to handle lines beginning with gpgsig but only added the check for the
PGP signatures. It would mark the state as being within a signature and
not print anything and get stuck in that state because the check was
only looking for PGP and not SSH signatures like the ones used in the
repo.
- commit 98cedc3
- blacklist.conf: Blacklist a408f33e895e4
- commit 6fc7467
- include/trace/events/writeback.h: fix -Wstringop-truncation
warnings (bsc#1213023).
- blacklist.conf: Remove commit d1a445d3b8 from blacklist
- patches.suse/writeback-Fix-sync-livelock-due-to-b_dirty_time-proc.patch:
Refresh
- commit 4c9bb20
- lib/string: Add strscpy_pad() function (bsc#1213023).
- commit 3c00676
- fs: fix guard_bio_eod to check for real EOD errors
(bsc#1213042).
- commit a1e013d
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit 7ebedbc
- udf: Do not update file length for failed writes to inline files
(bsc#1213041).
- commit 18b4c06
- udf: Do not bother merging very long extents (bsc#1213040).
- commit b8138fe
- udf: Truncate added extents on failed expansion (bsc#1213039).
- commit edadd0d
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- commit b1ce7bf
- udf: Fix extending file within last block (bsc#1213037).
- commit 43eaf71
- udf: Discard preallocation before extending file with a hole
(bsc#1213036).
- commit d6c23d6
- udf: Do not bother looking for prealloc extents if i_lenExtents
matches i_size (bsc#1213035).
- commit 4ee0c8f
- udf: Fix preallocation discarding at indirect extent boundary
(bsc#1213034).
- commit 4ad4e85
- udf: Drop unused arguments of udf_delete_aext() (bsc#1213033).
- commit 1a487a5
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- commit c1551d1
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- commit 1b40fc6
- writeback: fix call of incorrect macro (bsc#1213024).
- commit be6c80a
- memcg: fix a crash in wb_workfn when a device disappears
(bsc#1213023).
Refresh patches.suse/writeback-Fix-sync-livelock-due-to-b_dirty_time-proc.patch
- commit ab66f3a
- blkcg, writeback: dead memcgs shouldn't contribute to writeback
ownership arbitration (bsc#1213022).
- commit deeb8e8
- blacklist.conf: Blacklist 12e0613715e1
- commit 0f8099a
- ext4: fix to check return value of freeze_bdev() in
ext4_shutdown() (bsc#1213021).
- commit e4bb61c
- ext4: Fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
- commit 39e60c2
- ext4: only update i_reserved_data_blocks on successful block
allocation (bsc#1213019).
- commit 9a3a64e
- blacklist.conf: Blacklist dea9d8f7643f
- commit 2a0b76b
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason
(bsc#1213018).
- commit e0aebad
- blacklist.conf: Blacklist 2220eaf90992
- commit 0a7a059
- ext4: improve error recovery code paths in __ext4_remount()
(bsc#1213017).
- commit 0d0eede
- blacklist.conf: Blacklist aff3bea95388
- commit 4c5264c
- blacklist.conf: Blacklist 4f04351888a8
- commit 15cda77
- blacklist.conf: Blacklist b87c7cdf2bed
- commit 2eafae9
- blacklist.conf: Blacklist 463808f237cf
- commit 6d6f5a5
- ext4: fix i_disksize exceeding i_size problem in paritally
written case (bsc#1213015).
- commit 7b579a0
- jdb2: Don't refuse invalidation of already invalidated buffers
(bsc#1213014).
- commit 0c38716
- blacklist.conf: Blacklist 93cdf49f6eca
- commit 725de91
- ext4: zero i_disksize when initializing the bootloader inode
(bsc#1213013).
- commit 1c940cb
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- commit c52c259
- ext4: move where set the MAY_INLINE_DATA flag is set
(bsc#1213011).
- commit 5819fe4
- ext4: fix RENAME_WHITEOUT handling for inline directories
(bsc#1210766).
- commit c039f47
- ext4: fix cgroup writeback accounting with fs-layer encryption
(bsc#1210765).
- commit dd448da
- blacklist.conf: Blacklist 0813299c586b
- commit bd6a717
- blacklist.conf: Blacklist 0f7bfd6f8164
- commit 2a94ded
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- commit 630fe8f
- blacklist.conf: Blacklist e4db04f7d3db, 1e9d62d25281, f31173c19901
- commit 77a2527
- blacklist.conf: Blacklist cc12a6f25e07
- commit 3c8b58f
- ext4: avoid unaccounted block allocation when expanding inode
(bsc#1207634).
- commit 9e6d432
- ext4: initialize quota before expanding inode in setproject
ioctl (bsc#1207633).
- commit b8cc1a5
- ext4: fix deadlock due to mbcache entry corruption
(bsc#1207653).
- commit cb6b593
- igb: revert rtnl_lock() that causes deadlock (git-fixes).
- Refresh patches.suse/igb-Enable-SR-IOV-after-reinit.patch.
- commit e174406
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit ba06019
- fs: dlm: fix race between test_bit() and queue_work()
(git-fixes).
- commit af66625
- dlm: fix missing lkb refcount handling (git-fixes).
- commit 1fdc07a
- dlm: fix plock invalid read (git-fixes).
- commit 5846a6b
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 70cf60c
- fs: dlm: fix memory leak when fenced (git-fixes).
- commit d603d38
- fs: dlm: cancel work sync othercon (git-fixes).
- commit ae6c300
- fs: dlm: fix debugfs dump (git-fixes).
- commit 93164bc
- fs: dlm: fix configfs memory leak (git-fixes).
- commit afdd8b1
- dlm: fix invalid cluster name warning (git-fixes).
- commit a02356b
- dlm: NULL check before kmem_cache_destroy is not needed
(git-fixes).
- commit 7f3aa73
- dlm: fix missing idr_destroy for recover_idr (git-fixes).
- commit 5d97801
- dlm: fix possible call to kfree() for non-initialized pointer
(git-fixes).
- commit 52d34af
- dlm: Delete an unnecessary variable initialisation in
dlm_ls_start() (git-fixes).
- commit 8663a16
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit 349d51a
- ext4: fix error code return to user-space in ext4_get_branch()
(bsc#1207630).
- commit f7cb6ba
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- commit ffba993
- ext4: fix bug_on in __es_tree_search caused by bad boot loader
inode (bsc#1207620).
- commit cccc3e5
- ext4: add inode table check in __ext4_get_inode_loc to aovid
possible infinite loop (bsc#1207617).
- commit 859359e
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
journal aborted (bsc#1202716).
- commit e85fc79
- blacklist.conf: Blacklist 310c097c2bdb
- commit 522a9c3
- fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990).
Refresh patches.suse/ext4-fix-error-code-in-ext4_commit_super.patch
- commit daeb235
- jbd2: abort journal if free a async write error metadata buffer
(bsc#1212989).
- commit 5f2b1c4
- jbd2: fix data races at struct journal_head (bsc#1173438).
- commit 7c8dc88
- blacklist.conf: Blacklist 24dc9864914e
- commit b656355
- jbd2: Fix statistics for the number of logged blocks
(bsc#1212988).
- commit 9de4b16
- jbd2: fix invalid descriptor block checksum (bsc#1212987).
- commit 8705ef8
- jbd2: fix race when writing superblock (bsc#1212986).
- commit 6256642
- blacklist.conf: Add 6f363f5aa845 cgroup: Do not corrupt task iteration when rebinding subsystem
- commit e6c7d2e
- patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch:
(bsc#1212051).
- commit f5c0b6d
- ceph: fix use-after-free bug for inodes when flushing capsnaps
(bsc#1212938).
- commit e731236
- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c
- Get module prefix from kmod (bsc#1212835).
- commit f6691b0
- scripts/CKC: for hashes, check even the base kernel
Thanks to Michal Koutný (mkoutny@suse.com) for the review.
- commit ec71870
- blacklist.conf: gcc 12 issue
- commit 612c29c
- blacklist.conf: cosmetic fix to suppress a compiler warning
- commit f46848d
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock() (git-fixes).
- commit ea30d59
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc() (git-fixes).
- commit 4a538d4
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 28a9871
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 190f99a
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes).
- commit ac6dbde
- ocfs2: clear dinode links count in case of error (git-fixes).
- commit f1a97d4
- ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes).
- commit e11f180
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
(git-fixes).
- commit 70db5f3
- ocfs2: fix a NULL pointer dereference when call
ocfs2_update_inode_fsync_trans() (git-fixes).
- commit f3e26c1
- ocfs2: call journal flush to mark journal as empty after
journal recovery when mount (git-fixes).
- commit d5a28a3
- ocfs2: clear zero in unaligned direct IO (git-fixes).
- commit 4189b4d
- ocfs2: wait for recovering done after direct unlock request
(git-fixes).
- commit b3e22bb
- ocfs2: remove set but not used variable 'last_hash' (git-fixes).
- commit d403713
- ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes).
- commit b701b96
- ocfs2: don't clear bh uptodate for block read (git-fixes).
- commit 30ca2be
- ocfs2: clear journal dirty flag after shutdown journal
(git-fixes).
- commit ccfe523
- ocfs2: fix panic due to unrecovered local alloc (git-fixes).
- commit 007a17f
- ocfs2: fix potential use after free (git-fixes).
- commit 49406d3
- ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes).
- commit f258e7d
- ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes).
- commit 01bc1d8
- ocfs2: don't put and assigning null to bh allocated outside
(git-fixes).
- commit 760bd24
- fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
dlm_print_one_mle() (git-fixes).
- commit 01c2b72
- ocfs2: take inode cluster lock before moving reflinked inode
from orphan dir (git-fixes).
- commit 7e1768a
- ocfs2/dlm: don't handle migrate lockres if already in shutdown
(git-fixes).
- commit 04cf6d0
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
With the module path adjustment applied as source patch only
ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
non-usrmerged.
- commit dd9a820
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
CVE-2023-3090).
- commit bd94484
- btrfs: unset reloc control if transaction commit fails in
prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 6726801
- scripts/CKC: it doesn't make sense to see the last $term
List all the misssing ${term}s
- commit deb970b
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6
- kprobes: Fix to handle forcibly unoptimized kprobes on
freeing_list (git-fixes).
- commit 35c8c33
- kprobes: Fix check for probe enabled in kill_kprobe()
(git-fixes).
- commit a744c64
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes
bsc#1212606 CVE-2023-3358).
- commit 448bfe3
- igb: fix nvm.ops.read() error handling (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
(git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- ixgbe: Enable setting RSS table to default values (git-fixes).
- ixgbe: Allow flow hash to be set via ethtool (git-fixes).
- bnxt_en: Fix typo in PCI id to device description string mapping
(git-fixes).
- igbvf: Regard vf reset nack as success (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
(git-fixes).
- igb: Enable SR-IOV after reinit (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes).
- ixgbe: fix pci device refcount leak (git-fixes).
- igb: Initialize mailbox message for VF reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed
(git-fixes).
- bnxt_en: fix potentially incorrect return value for
ndo_rx_flow_steer (git-fixes).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
(git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on
57500 chips (git-fixes).
- igb: Add lock to avoid data race (git-fixes).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs
to zero (git-fixes).
- bnxt_en: reclaim max resources if sriov enable fails
(git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link
(git-fixes).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- ixgbe: fix bcast packets Rx on VF after promisc removal
(git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- dim: initialize all struct fields (bsc#1174852).
- ixgbe: ensure IPsec VF<->PF compatibility (git-fixes).
- igc: Fix BUG: scheduling while atomic (git-fixes).
- igc: Fix infinite loop in release_swfw_sync (git-fixes).
- ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx
to skb (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- commit 34bf378
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
(bsc#1212701).
- commit 207c27c
- blacklist.conf: Add 3f5f766d5f7f powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
- commit 1a3b374
- sched/core: Use smp_mb() in wake_woken_function() (git-fixes)
- commit 5df8049
- sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes)
- commit 828ccf7
- net: ks8851: Dequeue RX packets explicitly (git-fixes).
- commit fe5ef52
- net: dev: Use unsigned integer as an argument to left-shift
(git-fixes).
- commit 0bf77d3
- net: set static variable an initial value in atl2_probe()
(git-fixes).
- commit 08dc41f
- net: thunderx: make CFG_DONE message to run through generic
send-ack sequence (git-fixes).
- commit dbc5a3f
- net: marvell: mvneta: fix DMA debug warning (git-fixes).
- commit c48f8b1
- l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs
file (git-fixes).
- commit b182fac
- l2tp: hold reference on tunnels printed in pppol2tp proc file
(git-fixes).
- commit 1f7ac1f
- l2tp: hold reference on tunnels in netlink dumps (git-fixes).
- commit 9be2a0f
- ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
(git-fixes).
- Refresh
patches.suse/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch.
- commit ea68726
- netlabel: If PF_INET6, check sk_buff ip header version
(git-fixes).
- commit 058c41d
- blacklist.conf: renaming device
- commit 9dfee21
- blacklist.conf: cleanup; another dead reference
- commit 735761f
- blacklist.conf: kABI breakage; does not fix any bug
- commit 1276dc0
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- commit 539dc8d
- put quirk_disable_autosuspend into a hole (git-fixes).
- commit d42a632
- USB: hub: Fix the broken detection of USB3 device in SMSC hub
(git-fixes).
- blacklist.conf: patch itself is useless, but needed as infrastructure
- commit f4a7f78
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- commit d8d554b
- netfilter: x_tables: add and use xt_check_proc_name (git-fixes).
- commit a579604
- blacklist.conf: update blacklist
- commit 1b6a52d
- s390/dasd: Use correct lock while counting channel queue length
(LTC#202775 bsc#1212443).
- commit c2ba548
- binfmt_elf: Take the mmap lock when walking the VMA list
(bsc#1209039 CVE-2023-1249).
- commit 6550df3
- relayfs: fix out-of-bounds access in relay_file_read
(bsc#1212502 CVE-2023-3268).
- kernel/relay.c: fix read_pos error when multiple readers
(bsc#1212502 CVE-2023-3268).
- commit f9dadc6
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
(bsc#1210533 CVE-2023-2002).
- commit cb9bcb2
- media: dm1105: Fix use after free bug in dm1105_remove due to
race condition (bsc#1212501 CVE-2023-35824).
- commit a511fea
- x86/kprobes: Fix arch_check_optimized_kprobe check within
optimized_kprobe range (git-fixes).
- commit 261c02b
- e1000e: Disable TSO on i219-LM card to increase speed
(git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query
failure (git-fixes).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- e1000e: Correct NVM checksum verification flow (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in
mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 084d4cc
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
(git-fixes).
- commit 9ede6f6
- kprobes: Fix to check probe enabled before
disarm_kprobe_ftrace() (git-fixes).
- commit 0f174b4
- blacklist.conf: Add not needed kprobes fixes
- commit 9c2f070
- kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation
logic (git-fixes).
- commit 36f829b
- coda: fix build using bare-metal toolchain (git-fixes).
- commit 2df3146
- coda: add error handling for fget (git-fixes).
- commit c092001
- uapi linux/coda_psdev.h: move upc_req definition from uapi to
kernel side headers (git-fixes).
- commit 074a075
- coda: pass the host file in vma->vm_file on mmap (git-fixes).
- commit 728d4d8
- revert "squashfs: harden sanity check in
squashfs_read_xattr_id_table" (git-fixes).
- commit fc7c6f6
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
error handling (git-fixes).
- commit e8ee0dd
- affs: initialize fsdata in affs_truncate() (git-fixes).
- commit f9e83d6
- fs/affs: release old buffer head on error path (git-fixes).
- commit b0b572b
- fs/ufs: avoid potential u32 multiplication overflow (git-fixes).
- commit a84c265
- fs/adfs: super: fix use-after-free bug (git-fixes).
- commit 02200da
- Drop a buggy dvb-core fix patch (bsc#1205758)
Also the kabi workaround is dropped, too
- commit 34f0c8e
- README.BRANCH: Add Miroslav Franc as a co-maintainer
- commit e545474
- README.BRANCH: Update the maintainer list
- commit 65a6ad8
- scripts/osc_wrapper: remove useless variable
We went over the code with Michal Koutný <mkoutny@suse.com> and
concluded that "arch" isn't used anywhere.
- commit 0b62dc0
- kernel-docs: Add buildrequires on python3-base when using python3
The python3 binary is provided by python3-base.
- commit c5df526
- blacklist.conf: removes exported symbol
- commit 39cf0dc
- blacklist.conf: add git-fix not needed
- commit 50851fb
- kprobes: Prohibit probes in gate area (git-fixes).
- commit 4a73d55
- kprobes: don't call disarm_kprobe() for disabled kprobes
(git-fixes).
- commit 5cbfb40
- kprobes: Forbid probing on trampoline and BPF code areas
(git-fixes).
- commit 667fe1b
- samples/kretprobes: Fix return value if register_kretprobe()
failed (git-fixes).
- commit 5b1b600
- kprobes: Do not use local variable when creating debugfs file
(git-fixes).
- commit 7286e91
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller.
- commit b40a0f8
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- commit ab28954
- kretprobe: Avoid re-registration of the same kretprobe earlier
(git-fixes).
- commit c2cc176
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(git-fixes).
- commit 3561afe
- blacklist.conf: relevant only for kernel development
- commit 99f403c
- blacklist.conf: relevant only for kernel development
- commit 9c92369
- blacklist.conf: build fix irrelevant for us
- commit b9a3ab1
- blacklist.conf: build fix irrelevant for us
- commit 2f6b7fd
- blacklist.conf: only for kernel development
- commit cf47010
- blacklist.conf: relevant only for kernel development
- commit 1370701
- blacklist.conf: relevant only for kernel development
- commit f1f85a4
- blacklist.conf: unneeded build fix
- commit c531cca
- blacklist.conf: relevant only for kbuild irrelevant in the build system
- commit 1faed4b
- scripts/bugzilla: Add heuristics for version selection
Product versions are not sorted chronologically (fun fact: in SLE12-SP5
lexicographical sort equaled chronological). The script workload doesn't
care about exact version, so use heuristics of a '*Maint-Upd'
maintenance update and fall back to 'unspecified' if available.
The goal is to supply a version that allows opening a new bug.
When the script needs to be used with finer version granularity, it must
be modified.
- commit 2b30313
- scripts/bugzilla: Hide version filter behind cmdline option
- commit 258aa7f
- scripts/bugzilla: Add graceful handling of versionless products
- commit 4427add
- Revert "scripts/bugzilla-create: skip 'unspecified' version"
This reverts commit d7a9adc850b0581b1852117e194ee7307d25abc5.
It turns out some products have only a single version 'unspecified'
(e.g. "SUSE Linux Enterprise Server 12 SP5") and BZ CLI cannot open bugs
for them.
In retrospect, the commit 9921a2ad677 ("scripts/bugzilla: report only
active versions") is true fix for impossibility to file bugs on
'unspecied' version (hypothesis by Miroslav Franc <mfranc@suse.cz>), so
we don't need to filter it out.
- commit ca91488
- kprobes: fix kill kprobe which has been marked as gone
(git-fixes).
- commit 77940f3
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
(git-fixes).
- commit f08285c
- kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
(git-fixes).
- commit 64b09f1
- kprobes: Set unoptimized flag after unoptimizing code
(git-fixes).
- commit e2d065d
- kprobes: Prohibit probing on BUG() and WARN() address
(git-fixes).
- commit 0a4ad8b
- kprobes: Fix error check when reusing optimized probes
(git-fixes).
- commit 11aecb3
- kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe()
(git-fixes).
- Refresh
patches.suse/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch.
- commit 1fb5f11
- kprobes: Don't call BUG_ON() if there is a kprobe in use on
free list (git-fixes).
- commit e0562e5
- kprobes: Use synchronize_rcu_tasks() for optprobe with
CONFIG_PREEMPT=y (git-fixes).
- commit 32c4978
- blacklist.conf: Add more powerpc unsupported platform paths
- commit 80240fd
- s390/dasd: fix no record found for raw_track_access (git-fixes
bsc#1212266).
- commit 9377e38
- blacklist.conf: just a cleanup, potential dead reference won't break anything
- commit ae3248a
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
(git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
(git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
(git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
(git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
mpt3sas_transport_port_add() (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
(git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
(git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
(git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
sas_ex_discover_end_dev() (git-fixes).
- commit 9bcdcf3
- s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244).
- commit e08fb9a
- CDC-NCM: avoid overflow in sanity checking (git-fixes).
- commit c5a973e
- net: fec: fix rare tx timeout (git-fixes).
- commit 8adec9a
- net: macb: Clean 64b dma addresses if they are not detected
(git-fixes).
- commit 889275f
- scsi: zfcp: assert that the ERP lock is held when tracing a
recovery trigger (git-fixes bsc#1212240).
- commit eb171ad
- openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS
(git-fixes).
- commit 444e066
- net: fix warning in af_unix (git-fixes).
- commit a389e79
- blacklist.conf: blacklist MDIO_BCM_UNIMAC
- commit 62fb3cf
- s390/smsgiucv: disable SMSG on module unload (git-fixes
bsc#1212236).
- commit 1cef259
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
(git-fixes).
- commit e119b8c
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
(git-fixes).
- commit cb1afd9
- xfrm: Refuse to insert 32 bit userspace socket policies on 64
bit systems (git-fixes).
- commit 413544a
- net: cdc_ncm: remove set but not used variable 'ctx'
(git-fixes).
- commit 0867b66
- blacklist.conf: update blacklist
- commit 7a1167e
- net/usb/drivers: Remove useless hrtimer_active check
(git-fixes).
- commit 5dc6e54
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- commit d94e079
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
bsc#1212185).
- commit 4d63d84
- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- commit 481687d
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
bsc#1212175).
- commit 8055c39
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
bsc#1212173).
- commit bb085e1
- Move setting %%build_html to config.sh
- commit 647b21a
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
post_handler (git-fixes bsc#1212170).
- commit 21760dd
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- commit 09f5a59
- Squashfs: fix handling and sanity checking of xattr_ids count
(git-fixes).
- commit 78ee867
- squashfs: harden sanity check in squashfs_read_xattr_id_table
(git-fixes).
- commit 006d643
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- commit 4693a49
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
(git-fixes).
- commit 6189e17
- hfsplus: fix bug causing custom uid and gid being unable to
be assigned with mount (git-fixes).
- commit 3226ad8
- s390/kprobes: fix current_kprobe never cleared after kprobes
reenter (git-fixes bsc#1212167).
- commit 94cf46f
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- commit 5986c8d
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- commit f70b4c6
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- commit 1caaab9
- hfs: add lock nesting notation to hfs_find_init (git-fixes).
- commit 37dff28
- hfs: fix high memory mapping in hfs_bnode_read (git-fixes).
- commit ae9031e
- hfs: add missing clean-up in hfs_fill_super (git-fixes).
- commit cc1fbe6
- hfsplus: fix crash and filesystem corruption when deleting files
(git-fixes).
- commit 3526c58
- fs/hfs/extent.c: fix array out of bounds read of array extent
(git-fixes).
- commit 5ff3c8a
- hfs: update timestamp on truncate() (git-fixes).
- commit f4e5f42
- hfsplus: update timestamps on truncate() (git-fixes).
- commit 5f7a4bc
- hfs: fix return value of hfs_get_block() (git-fixes).
- commit aa4ce83
- hfsplus: fix return value of hfsplus_get_block() (git-fixes).
- commit 1500cd0
- hfs: prevent btree data loss on ENOSPC (git-fixes).
- commit b6da074
- hfsplus: prevent btree data loss on ENOSPC (git-fixes).
- commit efe705c
- hfs: fix BUG on bnode parent update (git-fixes).
- commit e3129f2
- hfsplus: fix BUG on bnode parent update (git-fixes).
- commit ecc193f
- sysv: use BUILD_BUG_ON instead of runtime check (git-fixes).
- commit 33448c7
- reiserfs: Add security prefix to xattr name in
reiserfs_security_write() (git-fixes).
- commit 381baa2
- reiserfs: Add missing calls to reiserfs_security_free()
(git-fixes).
- commit 894cdec
- reiserfs: check directory items on read from disk (git-fixes).
- commit c73d26d
- reiserfs: add check for root_inode in reiserfs_fill_super
(git-fixes).
- commit 0112af8
- reiserfs: add check for invalid 1st journal block (git-fixes).
- commit 9fe53c4
- reiserfs: only call unlock_new_inode() if I_NEW (git-fixes).
- commit fdc0c7c
- reiserfs: Fix memory leak in reiserfs_parse_options()
(git-fixes).
- commit eda67ce
- reiserfs: prevent NULL pointer dereference in
reiserfs_insert_item() (git-fixes).
- commit 922f823
- reiserfs: propagate errors from fill_with_dentries() properly
(git-fixes).
- commit 529b15f
- reiserfs: change j_timestamp type to time64_t (git-fixes).
- commit 982e84f
- memstick: r592: Fix UAF bug in r592_remove due to race condition
(CVE-2023-3141 bsc#1212129 bsc#1211449).
- commit 77b88e9
- firewire: fix potential uaf in outbound_phy_packet_callback()
(CVE-2023-3159 bsc#1212128).
- commit f62d406
- s390/dasd: fix hanging blockdevice after request requeue
(git-fixes bsc#1212165).
- commit 2203987
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
bsc#1212164).
- commit e732a7c
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5
- Refresh
patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch.
fix the second instance of incorrect MPOL_MF_STRICT check.
- commit 47debde
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- commit dd4da3b
- Refresh
patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch.
Delete also the out: label. Upstream still has users for that label.
Unlike we.
Fixes:
drivers/char/ipmi/ipmi_msghandler.c:5366:1: error: label ‘out’ defined but not used
- commit 05b72bb
- wcn36xx: Fix max channels retrieval (gcc-warning-fixes).
Fixes:
drivers/net/wireless/ath/wcn36xx/smd.c: In function ‘wcn36xx_smd_update_channel_list’:
./include/linux/kernel.h:785:12: error: large integer implicitly truncated to unsigned type
- commit 6bbb096
- Refresh
patches.suse/btrfs-remove-nr_async_submits-and-async_submit_draining.patch.
Fix compiler warning:
fs/btrfs/disk-io.c:815:6: error: unused variable ‘limit’
The upstream patch removes 'limit' too, so follow that up.
- commit 45d33ba
- Refresh
patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch.
Drop memcg_update_kmem_limit() as it is unused now and the compiler
complains:
mm/memcontrol.c:2972:12: error: ‘memcg_update_kmem_limit’ defined but not used
This is done in the upstream patch too.
- commit 660e644
- Move setting %%split_optional to config.sh
- commit 8b0828d
- Refresh
patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch.
Fix the MPOL_MF_STRICT condition (noticed by Jiri Slaby)
- commit b6b86f2
- Move setting %%supported_modules_check to config.sh
- commit 494d3df
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
(git-fixes).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
(git-fixes).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
- PCI/MSI: Destroy sysfs before freeing entries (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
(git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
(git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Do not clear status bits of masked interrupts
(git-fixes).
- commit fd8f739
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050
- PCI: aardvark: Replace custom macros by standard
linux/pci_regs.h macros (git-fixes).
- Refresh
patches.suse/PCI-aardvark-Fix-PCIe-Max-Payload-Size-setting.patch.
- blacklist.conf: remove it from there
While it's a cleanup, it's a prerequisite for the following patches.
- commit 4ef2916
- blacklist.conf: add some PCI git-fixes
- commit dcca97f
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d
- net: hisilicon: Fix "Trying to free already-free IRQ"
(git-fixes).
- commit 997c2f2
- qed: Add cleanup in qed_slowpath_start() (git-fixes).
- commit 912dd32
- net: myri10ge: fix memory leaks (git-fixes).
- commit 47340d2
- cxgb4: fix a memory leak bug (git-fixes).
- commit 3c000ae
- net: cxgb3_main: Fix a resource leak in a error path in
'init_one()' (git-fixes).
- commit e158810
- net/ethernet/qlogic/qed: force the string buffer NULL-terminated
(git-fixes).
- commit 4ba9e6b
- qed: RDMA - Fix the hw_ver returned in device attributes
(git-fixes).
- commit 410eb8e
- blacklist.conf: update blacklist
- commit 2c3f74d
- ixgbe: Check DDM existence in transceiver before access
(git-fixes).
- commit 510e134
- net: axienet: Fix race condition causing TX hang (git-fixes).
- commit e7cf2ee
- bnx2x: Check if transceiver implements DDM before access
(git-fixes).
- commit c586a4b
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit 6b28935
- Also include kernel-docs build requirements for ALP
- commit 114d088
- Move the kernel-binary conflicts out of the spec file.
Thie list of conflicting packages varies per release.
To reduce merge conflicts move the list out of the spec file.
- commit 4d81125
- Avoid unsuported tar parameter on SLE12
- commit 2b8c97b
- usb: xhci: rework grace period logic (git-fixes).
- commit 0d7b2a3
- xhci: Add grace period after xHC start to prevent premature
runtime suspend (git-fixes).
- commit 7c3b440
- Move obsolete KMP list into a separate file.
The list of obsoleted KMPs varies per release, move it out of the spec
file.
- commit 016bc55
- Trim obsolete KMP list.
SLE11 is out of support, we do not need to handle upgrading from SLE11
SP1.
- commit 08819bb
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit ad0e3ea
- Generalize kernel-doc build requirements.
- commit 23b058f
- kernel-binary: Add back kernel-default-base guarded by option
Add configsh option for splitting off kernel-default-base, and for
not signing the kernel on non-efi
- commit 8ad6a28
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
(bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
(bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
(bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit cda49a1
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- commit e7f1d31
- ntp
-
- Update to 4.2.8p17:
* Fix some regressions of 4.2.8p16
- Update to 4.2.8p16:
* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date
* [Sec 3807], bsc#1210390, CVE-2023-26555:
praecis_parse() in the Palisade refclock driver has a
hypothetical input buffer overflow.
* [Sec 3767] An OOB KoD RATE value triggers an assertion when
debug is enabled.
* Obsoletes: ntp-CVE-2023-26551.patch, ntp-sntp-dst.patch,
ntp-ENOBUFS.patch
* Multiple bug fixes and improvements. For details, see:
/usr/share/doc/packages/ntp/ChangeLog
http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/
- Follow upstream's suggestion to build with debugging disabled:
https://www.ntp.org/support/securitynotice/ntpbug3767/
- python
-
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
gh#python/cpython#108310, backport from upstream patch
gh#python/cpython#108315
(bsc#1214692, CVE-2023-40217)
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built
- The condition around libnsl-devel BuildRequires is NOT
switching off NIS support on SLE < 15, support for NIS used to
be in the glibc itself. Partial revert of sr#1061583.
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
the documentation even with the current Sphinx. (SUSE-ONLY
PATCH, DO NOT SEND UPSTREAM!)
- Enable --with-system-ffi for non-standard architectures.
- SLE-12 builds nis.so as well.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
for SLE-12.